{"id":13490415,"url":"https://github.com/discord/lilliput","last_synced_at":"2026-01-12T01:51:49.892Z","repository":{"id":38847758,"uuid":"86122120","full_name":"discord/lilliput","owner":"discord","description":"Resize images and animated GIFs in Go","archived":false,"fork":false,"pushed_at":"2025-12-19T22:36:30.000Z","size":532121,"stargazers_count":2033,"open_issues_count":18,"forks_count":124,"subscribers_count":46,"default_branch":"master","last_synced_at":"2025-12-21T23:40:57.127Z","etag":null,"topics":["cgo","crop","gif","golang","image","image-resizer","imageops","images","jpeg","png","resize-images","resized-images","thumbnail","webp"],"latest_commit_sha":null,"homepage":"https://discord.com/blog/how-discord-resizes-150-million-images-every-day-with-go-and-c","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/discord.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-03-25T00:46:39.000Z","updated_at":"2025-12-19T22:36:35.000Z","dependencies_parsed_at":"2023-02-17T00:01:10.469Z","dependency_job_id":"6c83f093-87a2-4f7c-a5f2-e3281aab2bc0","html_url":"https://github.com/discord/lilliput","commit_stats":{"total_commits":280,"total_committers":22,"mean_commits":"12.727272727272727","dds":"0.30000000000000004","last_synced_commit":"f69d0d3767ebc9a17f3d6eed9971e2253ded2883"},"previous_names":["discordapp/lilliput"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/discord/lilliput","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/discord%2Flilliput","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/discord%2Flilliput/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/discord%2Flilliput/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/discord%2Flilliput/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/discord","download_url":"https://codeload.github.com/discord/lilliput/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/discord%2Flilliput/sbom","scorecard":{"id":344590,"data":{"date":"2025-08-11","repo":{"name":"github.com/discord/lilliput","commit":"624586ff8013f5d1b6220c736768017d870220bf"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Code-Review","score":8,"reason":"Found 21/25 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":5,"reason":"6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yaml:1","Warn: no topLevel permission defined: .github/workflows/clang-format-check.yml:1","Warn: no topLevel permission defined: .github/workflows/deps.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: deps/linux/aarch64/lib/libaom.a:1","Warn: binary detected: deps/linux/aarch64/lib/libavcodec.a:1","Warn: binary detected: deps/linux/aarch64/lib/libavdevice.a:1","Warn: binary detected: deps/linux/aarch64/lib/libavfilter.a:1","Warn: binary detected: deps/linux/aarch64/lib/libavformat.a:1","Warn: binary detected: deps/linux/aarch64/lib/libavif.a:1","Warn: binary detected: deps/linux/aarch64/lib/libavutil.a:1","Warn: binary detected: deps/linux/aarch64/lib/libbz2.a:1","Warn: binary detected: deps/linux/aarch64/lib/libdav1d.a:1","Warn: binary detected: deps/linux/aarch64/lib/libgif.a:1","Warn: binary detected: deps/linux/aarch64/lib/libjpeg.a:1","Warn: binary detected: deps/linux/aarch64/lib/liblcms2.a:1","Warn: binary detected: deps/linux/aarch64/lib/libopencv_core.a:1","Warn: binary detected: deps/linux/aarch64/lib/libopencv_highgui.a:1","Warn: binary detected: deps/linux/aarch64/lib/libopencv_imgcodecs.a:1","Warn: binary detected: deps/linux/aarch64/lib/libopencv_imgproc.a:1","Warn: binary detected: deps/linux/aarch64/lib/libopencv_photo.a:1","Warn: binary detected: deps/linux/aarch64/lib/libpng16.a:1","Warn: binary detected: deps/linux/aarch64/lib/libsharpyuv.a:1","Warn: binary detected: deps/linux/aarch64/lib/libswresample.a:1","Warn: binary detected: deps/linux/aarch64/lib/libswscale.a:1","Warn: binary detected: deps/linux/aarch64/lib/libturbojpeg.a:1","Warn: binary detected: deps/linux/aarch64/lib/libwebp.a:1","Warn: binary detected: deps/linux/aarch64/lib/libwebpdemux.a:1","Warn: binary detected: deps/linux/aarch64/lib/libwebpmux.a:1","Warn: binary detected: deps/linux/aarch64/lib/libyuv.a:1","Warn: binary detected: deps/linux/aarch64/lib/libz.a:1","Warn: binary detected: deps/linux/aarch64/lib/opencv4/3rdparty/libittnotify.a:1","Warn: binary detected: deps/linux/aarch64/lib/opencv4/3rdparty/liblibopenjp2.a:1","Warn: binary detected: deps/linux/aarch64/lib/opencv4/3rdparty/liblibpng.a:1","Warn: binary detected: deps/linux/amd64/lib/libaom.a:1","Warn: binary detected: deps/linux/amd64/lib/libavcodec.a:1","Warn: binary detected: deps/linux/amd64/lib/libavdevice.a:1","Warn: binary detected: deps/linux/amd64/lib/libavfilter.a:1","Warn: binary detected: deps/linux/amd64/lib/libavformat.a:1","Warn: binary detected: deps/linux/amd64/lib/libavif.a:1","Warn: binary detected: deps/linux/amd64/lib/libavutil.a:1","Warn: binary detected: deps/linux/amd64/lib/libbz2.a:1","Warn: binary detected: deps/linux/amd64/lib/libdav1d.a:1","Warn: binary detected: deps/linux/amd64/lib/libgif.a:1","Warn: binary detected: deps/linux/amd64/lib/libjpeg.a:1","Warn: binary detected: deps/linux/amd64/lib/liblcms2.a:1","Warn: binary detected: deps/linux/amd64/lib/libopencv_core.a:1","Warn: binary detected: deps/linux/amd64/lib/libopencv_highgui.a:1","Warn: binary detected: deps/linux/amd64/lib/libopencv_imgcodecs.a:1","Warn: binary detected: deps/linux/amd64/lib/libopencv_imgproc.a:1","Warn: binary detected: deps/linux/amd64/lib/libopencv_photo.a:1","Warn: binary detected: deps/linux/amd64/lib/libpng16.a:1","Warn: binary detected: deps/linux/amd64/lib/libsharpyuv.a:1","Warn: binary detected: deps/linux/amd64/lib/libswresample.a:1","Warn: binary detected: deps/linux/amd64/lib/libswscale.a:1","Warn: binary detected: deps/linux/amd64/lib/libturbojpeg.a:1","Warn: binary detected: deps/linux/amd64/lib/libwebp.a:1","Warn: binary detected: deps/linux/amd64/lib/libwebpdemux.a:1","Warn: binary detected: deps/linux/amd64/lib/libwebpmux.a:1","Warn: binary detected: deps/linux/amd64/lib/libyuv.a:1","Warn: binary detected: deps/linux/amd64/lib/libz.a:1","Warn: binary detected: deps/linux/amd64/lib/opencv4/3rdparty/libippicv.a:1","Warn: binary detected: deps/linux/amd64/lib/opencv4/3rdparty/libippiw.a:1","Warn: binary detected: deps/linux/amd64/lib/opencv4/3rdparty/libittnotify.a:1","Warn: binary detected: deps/linux/amd64/lib/opencv4/3rdparty/liblibopenjp2.a:1","Warn: binary detected: deps/osx/lib/libaom.a:1","Warn: binary detected: deps/osx/lib/libavcodec.a:1","Warn: binary detected: deps/osx/lib/libavdevice.a:1","Warn: binary detected: deps/osx/lib/libavfilter.a:1","Warn: binary detected: deps/osx/lib/libavformat.a:1","Warn: binary detected: deps/osx/lib/libavif.a:1","Warn: binary detected: deps/osx/lib/libavutil.a:1","Warn: binary detected: deps/osx/lib/libbz2.a:1","Warn: binary detected: deps/osx/lib/libdav1d.a:1","Warn: binary detected: deps/osx/lib/libgif.a:1","Warn: binary detected: deps/osx/lib/libjpeg.a:1","Warn: binary detected: deps/osx/lib/liblcms2.a:1","Warn: binary detected: deps/osx/lib/libopencv_core.a:1","Warn: binary detected: deps/osx/lib/libopencv_highgui.a:1","Warn: binary detected: deps/osx/lib/libopencv_imgcodecs.a:1","Warn: binary detected: deps/osx/lib/libopencv_imgproc.a:1","Warn: binary detected: deps/osx/lib/libopencv_photo.a:1","Warn: binary detected: deps/osx/lib/libpng.a:1","Warn: binary detected: deps/osx/lib/libpng16.a:1","Warn: binary detected: deps/osx/lib/libsharpyuv.a:1","Warn: binary detected: deps/osx/lib/libswresample.a:1","Warn: binary detected: deps/osx/lib/libswscale.a:1","Warn: binary detected: deps/osx/lib/libturbojpeg.a:1","Warn: binary detected: deps/osx/lib/libwebp.a:1","Warn: binary detected: deps/osx/lib/libwebpdemux.a:1","Warn: binary detected: deps/osx/lib/libwebpmux.a:1","Warn: binary detected: deps/osx/lib/libyuv.a:1","Warn: binary detected: deps/osx/lib/libz.a:1","Warn: binary detected: deps/osx/lib/opencv4/3rdparty/libittnotify.a:1","Warn: binary detected: deps/osx/lib/opencv4/3rdparty/liblibopenjp2.a:1","Warn: binary detected: deps/osx/lib/opencv4/3rdparty/liblibwebp.a:1","Warn: binary detected: examples/example:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang-format-check.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/clang-format-check.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/clang-format-check.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/clang-format-check.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/discord/lilliput/deps.yaml/master?enable=pin","Info:   0 out of  17 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"246 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: CVE-2020-23928","Warn: Project is vulnerable to: CVE-2020-23930","Warn: Project is vulnerable to: CVE-2020-23931","Warn: Project is vulnerable to: CVE-2020-23932","Warn: Project is vulnerable to: CVE-2020-35979","Warn: Project is vulnerable to: CVE-2020-35980","Warn: Project is vulnerable to: CVE-2020-35981","Warn: Project is vulnerable to: CVE-2020-35982","Warn: Project is vulnerable to: CVE-2021-21834","Warn: Project is vulnerable to: CVE-2021-21835","Warn: Project is vulnerable to: CVE-2021-21836","Warn: Project is vulnerable to: CVE-2021-21837","Warn: Project is vulnerable to: CVE-2021-21838","Warn: Project is vulnerable to: CVE-2021-21839","Warn: Project is vulnerable to: CVE-2021-21840","Warn: Project is vulnerable to: CVE-2021-21841","Warn: Project is vulnerable to: CVE-2021-21842","Warn: Project is vulnerable to: CVE-2021-21843","Warn: Project is vulnerable to: CVE-2021-21844","Warn: Project is vulnerable to: CVE-2021-21845","Warn: Project is vulnerable to: CVE-2021-21846","Warn: Project is vulnerable to: CVE-2021-21847","Warn: Project is vulnerable to: CVE-2021-21848","Warn: Project is vulnerable to: CVE-2021-21849","Warn: Project is vulnerable to: CVE-2021-21850","Warn: Project is vulnerable to: CVE-2021-21851","Warn: Project is vulnerable to: CVE-2021-21852","Warn: Project is vulnerable to: CVE-2021-21853","Warn: Project is vulnerable to: CVE-2021-21854","Warn: Project is vulnerable to: CVE-2021-21855","Warn: Project is vulnerable to: CVE-2021-21856","Warn: Project is vulnerable to: CVE-2021-21857","Warn: Project is vulnerable to: CVE-2021-21858","Warn: Project is vulnerable to: CVE-2021-21859","Warn: Project is vulnerable to: CVE-2021-21860","Warn: Project is vulnerable to: CVE-2021-21861","Warn: Project is vulnerable to: CVE-2021-21862","Warn: Project is vulnerable to: CVE-2021-29279","Warn: Project is vulnerable to: CVE-2021-30014","Warn: Project is vulnerable to: CVE-2021-30015","Warn: Project is vulnerable to: CVE-2021-30019","Warn: Project is vulnerable to: CVE-2021-30020","Warn: Project is vulnerable to: CVE-2021-30022","Warn: Project is vulnerable to: CVE-2021-30199","Warn: Project is vulnerable to: CVE-2021-31254","Warn: Project is vulnerable to: CVE-2021-31255","Warn: Project is vulnerable to: CVE-2021-31256","Warn: Project is vulnerable to: CVE-2021-31257","Warn: Project is vulnerable to: CVE-2021-31258","Warn: Project is vulnerable to: CVE-2021-31259","Warn: Project is vulnerable to: CVE-2021-31260","Warn: Project is vulnerable to: CVE-2021-31261","Warn: Project is vulnerable to: CVE-2021-31262","Warn: Project is vulnerable to: CVE-2021-32132","Warn: Project is vulnerable to: CVE-2021-32134","Warn: Project is vulnerable to: CVE-2021-32135","Warn: Project is vulnerable to: CVE-2021-32136","Warn: Project is vulnerable to: CVE-2021-32137","Warn: Project is vulnerable to: CVE-2021-32138","Warn: Project is vulnerable to: CVE-2021-32139","Warn: Project is vulnerable to: CVE-2021-32268","Warn: Project is vulnerable to: CVE-2021-32269","Warn: Project is vulnerable to: CVE-2021-32270","Warn: Project is vulnerable to: CVE-2021-32271","Warn: Project is vulnerable to: CVE-2021-32437","Warn: Project is vulnerable to: CVE-2021-32438","Warn: Project is vulnerable to: CVE-2021-32439","Warn: Project is vulnerable to: CVE-2021-32440","Warn: Project is vulnerable to: CVE-2021-33361","Warn: Project is vulnerable to: CVE-2021-33362","Warn: Project is vulnerable to: CVE-2021-33363","Warn: Project is vulnerable to: CVE-2021-33364","Warn: Project is vulnerable to: CVE-2021-33365","Warn: Project is vulnerable to: CVE-2021-33366","Warn: Project is vulnerable to: CVE-2021-36412","Warn: Project is vulnerable to: CVE-2021-36414","Warn: Project is vulnerable to: CVE-2021-36417","Warn: Project is vulnerable to: CVE-2021-36584","Warn: Project is vulnerable to: CVE-2021-4043","Warn: Project is vulnerable to: CVE-2021-40559","Warn: Project is vulnerable to: CVE-2021-40562","Warn: Project is vulnerable to: CVE-2021-40563","Warn: Project is vulnerable to: CVE-2021-40564","Warn: Project is vulnerable to: CVE-2021-40565","Warn: Project is vulnerable to: CVE-2021-40566","Warn: Project is vulnerable to: CVE-2021-40567","Warn: Project is vulnerable to: CVE-2021-40568","Warn: Project is vulnerable to: CVE-2021-40569","Warn: Project is vulnerable to: CVE-2021-40570","Warn: Project is vulnerable to: CVE-2021-40571","Warn: Project is vulnerable to: CVE-2021-40572","Warn: Project is vulnerable to: CVE-2021-40573","Warn: Project is vulnerable to: CVE-2021-40574","Warn: Project is vulnerable to: CVE-2021-40575","Warn: Project is vulnerable to: CVE-2021-40576","Warn: Project is vulnerable to: CVE-2021-40592","Warn: Project is vulnerable to: CVE-2021-40606","Warn: Project is vulnerable to: CVE-2021-40607","Warn: Project is vulnerable to: CVE-2021-40608","Warn: Project is vulnerable to: CVE-2021-40609","Warn: Project is vulnerable to: CVE-2021-41456","Warn: Project is vulnerable to: CVE-2021-41459","Warn: Project is vulnerable to: CVE-2021-45288","Warn: Project is vulnerable to: CVE-2021-45289","Warn: Project is vulnerable to: CVE-2021-45291","Warn: Project is vulnerable to: CVE-2021-45292","Warn: Project is vulnerable to: CVE-2021-45831","Warn: Project is vulnerable to: CVE-2021-46038","Warn: Project is vulnerable to: CVE-2021-46039","Warn: Project is vulnerable to: CVE-2021-46040","Warn: Project is vulnerable to: CVE-2021-46041","Warn: Project is vulnerable to: CVE-2021-46042","Warn: Project is vulnerable to: CVE-2021-46043","Warn: Project is vulnerable to: CVE-2021-46044","Warn: Project is vulnerable to: CVE-2021-46045","Warn: Project is vulnerable to: CVE-2021-46046","Warn: Project is vulnerable to: CVE-2021-46047","Warn: Project is vulnerable to: CVE-2021-46049","Warn: Project is vulnerable to: CVE-2021-46051","Warn: Project is vulnerable to: CVE-2022-1035","Warn: Project is vulnerable to: CVE-2022-1172","Warn: Project is vulnerable to: CVE-2022-1222","Warn: Project is vulnerable to: CVE-2022-1441","Warn: Project is vulnerable to: CVE-2022-1795","Warn: Project is vulnerable to: CVE-2022-24249","Warn: Project is vulnerable to: CVE-2022-2453","Warn: Project is vulnerable to: CVE-2022-2454","Warn: Project is vulnerable to: CVE-2022-24574","Warn: Project is vulnerable to: CVE-2022-24575","Warn: Project is vulnerable to: CVE-2022-24576","Warn: Project is vulnerable to: CVE-2022-24577","Warn: Project is vulnerable to: CVE-2022-24578","Warn: Project is vulnerable to: CVE-2022-2549","Warn: Project is vulnerable to: CVE-2022-26967","Warn: Project is vulnerable to: CVE-2022-27145","Warn: Project is vulnerable to: CVE-2022-27146","Warn: Project is vulnerable to: CVE-2022-27147","Warn: Project is vulnerable to: CVE-2022-27148","Warn: Project is vulnerable to: CVE-2022-29339","Warn: Project is vulnerable to: CVE-2022-29340","Warn: Project is vulnerable to: CVE-2022-29537","Warn: Project is vulnerable to: CVE-2022-30976","Warn: Project is vulnerable to: CVE-2022-3178","Warn: Project is vulnerable to: CVE-2022-3222","Warn: Project is vulnerable to: CVE-2022-36190","Warn: Project is vulnerable to: CVE-2022-36191","Warn: Project is vulnerable to: CVE-2022-38530","Warn: Project is vulnerable to: CVE-2022-3957","Warn: Project is vulnerable to: CVE-2022-4202","Warn: Project is vulnerable to: CVE-2022-43039","Warn: Project is vulnerable to: CVE-2022-43040","Warn: Project is vulnerable to: CVE-2022-43042","Warn: Project is vulnerable to: CVE-2022-43043","Warn: Project is vulnerable to: CVE-2022-43044","Warn: Project is vulnerable to: CVE-2022-43045","Warn: Project is vulnerable to: CVE-2022-43254","Warn: Project is vulnerable to: CVE-2022-43255","Warn: Project is vulnerable to: CVE-2022-45202","Warn: Project is vulnerable to: CVE-2022-45204","Warn: Project is vulnerable to: CVE-2022-45283","Warn: Project is vulnerable to: CVE-2022-45343","Warn: Project is vulnerable to: CVE-2022-46489","Warn: Project is vulnerable to: CVE-2022-46490","Warn: Project is vulnerable to: CVE-2022-47086","Warn: Project is vulnerable to: CVE-2022-47087","Warn: Project is vulnerable to: CVE-2022-47088","Warn: Project is vulnerable to: CVE-2022-47089","Warn: Project is vulnerable to: CVE-2022-47090","Warn: Project is vulnerable to: CVE-2022-47091","Warn: Project is vulnerable to: CVE-2022-47092","Warn: Project is vulnerable to: CVE-2022-47093","Warn: Project is vulnerable to: CVE-2022-47094","Warn: Project is vulnerable to: CVE-2022-47095","Warn: Project is vulnerable to: CVE-2022-47653","Warn: Project is vulnerable to: CVE-2022-47654","Warn: Project is vulnerable to: CVE-2022-47656","Warn: Project is vulnerable to: CVE-2022-47657","Warn: Project is vulnerable to: CVE-2022-47658","Warn: Project is vulnerable to: CVE-2022-47659","Warn: Project is vulnerable to: CVE-2022-47660","Warn: Project is vulnerable to: CVE-2022-47661","Warn: Project is vulnerable to: CVE-2022-47662","Warn: Project is vulnerable to: CVE-2022-47663","Warn: Project is vulnerable to: CVE-2023-0358","Warn: Project is vulnerable to: CVE-2023-0760","Warn: Project is vulnerable to: CVE-2023-0770","Warn: Project is vulnerable to: CVE-2023-0817","Warn: Project is vulnerable to: CVE-2023-0818","Warn: Project is vulnerable to: CVE-2023-0819","Warn: Project is vulnerable to: CVE-2023-0841","Warn: Project is vulnerable to: CVE-2023-0866","Warn: Project is vulnerable to: CVE-2023-1654","Warn: Project is vulnerable to: CVE-2023-1655","Warn: Project is vulnerable to: CVE-2023-23143","Warn: Project is vulnerable to: CVE-2023-23144","Warn: Project is vulnerable to: CVE-2023-23145","Warn: Project is vulnerable to: CVE-2023-2837","Warn: Project is vulnerable to: CVE-2023-2838","Warn: Project is vulnerable to: CVE-2023-2839","Warn: Project is vulnerable to: CVE-2023-2840","Warn: Project is vulnerable to: CVE-2023-3012","Warn: Project is vulnerable to: CVE-2023-3013","Warn: Project is vulnerable to: CVE-2023-3291","Warn: Project is vulnerable to: CVE-2023-3523","Warn: Project is vulnerable to: CVE-2023-41000","Warn: Project is vulnerable to: CVE-2023-42298","Warn: Project is vulnerable to: CVE-2023-46001","Warn: Project is vulnerable to: CVE-2023-4678","Warn: Project is vulnerable to: CVE-2023-4679","Warn: Project is vulnerable to: CVE-2023-4681","Warn: Project is vulnerable to: CVE-2023-4682","Warn: Project is vulnerable to: CVE-2023-4683","Warn: Project is vulnerable to: CVE-2023-46927","Warn: Project is vulnerable to: CVE-2023-46928","Warn: Project is vulnerable to: CVE-2023-46929","Warn: Project is vulnerable to: CVE-2023-46930","Warn: Project is vulnerable to: CVE-2023-4720","Warn: Project is vulnerable to: CVE-2023-4721","Warn: Project is vulnerable to: CVE-2023-4722","Warn: Project is vulnerable to: CVE-2023-47465","Warn: Project is vulnerable to: CVE-2023-4754","Warn: Project is vulnerable to: CVE-2023-4755","Warn: Project is vulnerable to: CVE-2023-4756","Warn: Project is vulnerable to: CVE-2023-4758","Warn: Project is vulnerable to: CVE-2023-4778","Warn: Project is vulnerable to: CVE-2023-48011","Warn: Project is vulnerable to: CVE-2023-48013","Warn: Project is vulnerable to: CVE-2023-48014","Warn: Project is vulnerable to: CVE-2023-5377","Warn: Project is vulnerable to: CVE-2023-5520","Warn: Project is vulnerable to: CVE-2023-5586","Warn: Project is vulnerable to: CVE-2023-5595","Warn: Project is vulnerable to: CVE-2023-5998","Warn: Project is vulnerable to: CVE-2024-0321","Warn: Project is vulnerable to: CVE-2024-0322","Warn: Project is vulnerable to: CVE-2024-24265","Warn: Project is vulnerable to: CVE-2024-24266","Warn: Project is vulnerable to: CVE-2024-24267","Warn: Project is vulnerable to: CVE-2024-50664","Warn: Project is vulnerable to: CVE-2024-50665","Warn: Project is vulnerable to: CVE-2024-6061","Warn: Project is vulnerable to: CVE-2024-6062","Warn: Project is vulnerable to: CVE-2024-6063","Warn: Project is vulnerable to: CVE-2024-6064","Warn: Project is vulnerable to: CVE-2025-25723","Warn: Project is vulnerable to: CVE-2025-7797"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T06:45:00.841Z","repository_id":38847758,"created_at":"2025-08-18T06:45:00.841Z","updated_at":"2025-08-18T06:45:00.841Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28253416,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2026-01-09T02:00:07.210Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cgo","crop","gif","golang","image","image-resizer","imageops","images","jpeg","png","resize-images","resized-images","thumbnail","webp"],"created_at":"2024-07-31T19:00:46.372Z","updated_at":"2026-01-12T01:51:49.877Z","avatar_url":"https://github.com/discord.png","language":"C++","funding_links":[],"categories":["C++"],"sub_categories":[],"readme":"# lilliput\n\n[lilliput](https://en.wiktionary.org/wiki/lilliputian#Adjective) resizes images in Go.\n\nLilliput relies on mature, high-performance C libraries to do most of the work of\ndecompressing, resizing and compressing images. It aims to do as little memory\nallocation as possible and especially not to create garbage in Go. As a result,\nit is suitable for very high throughput image resizing services.\n\nLilliput supports resizing JPEG, PNG, WebP (both static and animated), AVIF (both static and animated), and animated GIFs. It can also convert between these formats.\nLilliput also has some support for getting the first frame from MOV and WEBM\nvideos.\n\n**Lilliput presently only supports OSX ARM64 and Linux.**\n\n## Example\nLilliput comes with a [fully working example](examples/main.go) that runs on the command line. The\nexample takes a user supplied filename and prints some basic info about the file.\nIt then resizes and transcodes the image (if flags are supplied) and saves the\nresulting file.\n\nTo use the example, `go get github.com/discord/lilliput` and then run\n`go build` from the examples/ directory.\n\n## License\n\nLilliput is released under MIT license (see [LICENSE](LICENSE)). Additionally, lilliput ships with other\nlibraries, each provided under its own license. See [third-party-licenses](third-party-licenses/) for\nmore info.\n\n## Usage\n\nFirst, `import \"github.com/discord/lilliput\"`.\n\n### Decoder\nLilliput is concerned with in-memory images, so the decoder requires image\ndata to be in a []byte buffer.\n\n```go\nfunc lilliput.NewDecoder([]byte buf) (lilliput.Decoder, error)\n```\nCreate a new `Decoder` object from the compressed image contained by `buf`.\nThis will return an error when the magic bytes of the buffer don't match\none of the supported image types.\n\n```go\nfunc (d lilliput.Decoder) Header() (lilliput.ImageHeader, error)\n```\nRead and return the image's header. The header contains the image's metadata.\nReturns error if the image has a malformed header. An image with a malformed\nheader cannot be decoded.\n\n```go\nfunc (d lilliput.Decoder) Description() string\n```\nReturns a string describing the image's type, e.g. `\"JPEG\"` or `\"PNG\"`.\n\n```go\nfunc (h lilliput.Decoder) Duration() time.Duration\n```\nReturns the length of the content. Returns 0 for static images and\nanimated GIFs.\n\n```go\nfunc (d lilliput.Decoder) DecodeTo(f *lilliput.Framebuffer) error\n```\nFully decodes the image and writes its pixel data to `f`. Returns an error\nif the decoding process fails. If the image contains multiple frames,\nthen each call returns a subsequent frame. `io.EOF` is returned when the image\ndoes not contain any more data to be decoded.\n\n**Users of lilliput generally should not call `DecodeTo` and should instead\nuse an ImageOps object.**\n\n```go\nfunc (d lilliput.Decoder) Close()\n```\nCloses the decoder and releases resources. The Decoder object must have\n`.Close()` called when it is no longer in use.\n\n### ImageOps\nLilliput provides a convenience object to handle image resizing and encoding from an\nopen Decoder object. The ImageOps object can be created and then reused, which reduces memory\nallocations. Generally, users should prefer the ImageOps object over manually controlling\nthe resize and encode process.\n\n```go\nfunc lilliput.NewImageOps(dimension int) *lilliput.ImageOps\n```\nCreate an ImageOps object that can operate on images up to `dimension x dimension` pixels in size.\nThis object can be reused for multiple operations.\n\n```go\nfunc (o *lilliput.ImageOps) Transform(decoder lilliput.Decoder, opts *lilliput.ImageOptions, dst []byte) ([]byte, error)\n```\nTransform the compressed image contained in a Decoder object into the desired output type. **The decoder must not\nhave DecodeTo() called on it already.** However, it is ok to call `decoder.Header()` if you would like to check\nimage properties before transforming the image. Returns an error if the resize or encoding process fails.\n\nThe resulting compressed image will be written into `dst`. The returned []byte\nslice will point to the same region as `dst` but with a different length, so that you can tell where the image ends.\n\nFields for `lilliput.ImageOptions` are as follows\n\n* `FileType`: file extension type, e.g. `\".jpeg\"`\n\n* `Width`: number of pixels of width of output image\n\n* `Height`: number of pixels of height of output image\n\n* `ResizeMethod`: one of `lilliput.ImageOpsNoResize` or `lilliput.ImageOpsFit`. `Fit` behavior\nis the same as `Framebuffer.Fit()` -- it performs a cropping resize that does not stretch the image.\n\n* `NormalizeOrientation`: If `true`, `Transform()` will inspect the image orientation and\nnormalize the output so that it is facing in the standard orientation. This will undo\nJPEG EXIF-based orientation.\n\n* `EncodeOptions`: Of type `map[int]int`, same options accepted as [Encoder.Encode()](#encoder). This\ncontrols output encode quality.\n\n```go\nfunc (o *lilliput.ImageOps) Clear()\n```\nClear out all pixel data contained in ImageOps object from any previous operations.\nThis function does not need to be called between Transform() calls. The user may choose\nto do this if they want to remove image data from memory.\n\n```go\nfunc (o *lilliput.ImageOps) Close()\n```\nClose the ImageOps object and release resources. The ImageOps object must have `.Close()` called when it is no longer in use.\n\n### ImageHeader\nThis interface returns basic metadata about an image. It is created by\ncalling `Decoder.Header()`.\n\n```go\nfunc (h lilliput.ImageHeader) Width() int\n```\nReturns the image's width in number of pixels.\n\n```go\nfunc (h lilliput.ImageHeader) Height() int\n```\nReturns the image's height in number of pixels.\n\n```go\nfunc (h lilliput.ImageHeader) PixelType() lilliput.PixelType\n```\nReturns the basic pixel type for the image's pixels.\n\n```go\nfunc (h lilliput.ImageHeader) Orientation() lilliput.ImageOrientation\n```\nReturns the metadata-based orientation of the image. This function can\nbe called on all image types but presently only detects orientation in\nJPEG images. An orientation value of 1 indicates default orientation.\nAll other values indicate some kind of rotation or mirroring.\n\n### PixelType\n\n```go\nfunc (p lilliput.PixelType) Depth() int\n```\nReturns the number of bits per pixel.\n\n```go\nfunc (p lilliput.PixelType) Channels() int\n```\nReturns the number of channels per pixel, e.g. 3 for RGB or 4 for RGBA.\n\n### Framebuffer\nThis type contains a raw array of pixels, decompressed from an image.\nIn general, you will want to use the ImageOps object instead of operating on\nFramebuffers manually.\n\n```go\nfunc lilliput.NewFramebuffer(width, height int) *lilliput.Framebuffer\n```\nCreate a new Framebuffer with given dimensions without any pixel data.\n\n```go\nfunc (f *lilliput.Framebuffer) Clear()\n```\nSet contents of framebuffer to 0, clearing out any previous pixel data.\n\n```go\nfunc (f *lilliput.Framebuffer) Width() int\n```\nReturns the width in number of pixels of the contained pixel data, if any.\nThis does not return the capacity of the buffer.\n\n```go\nfunc (f *lilliput.Framebuffer) Height() int\n```\nReturns the height in number of pixels of the contained pixel data, if any.\nThis does not return the capacity of the buffer.\n\n```go\nfunc (f *lilliput.Framebuffer) PixelType() lilliput.PixelType\n```\nReturns the `PixelType` of the contained pixel data, if any.\n\n```go\nfunc (f *lilliput.Framebuffer) OrientationTransform(orientation lilliput.ImageOrientation)\n```\nRotate and/or mirror framebuffer according to orientation value. If you\npass the `orientation` value given by the image's `ImageHeader`, then the\nresulting image has its orientation normalized to the\ndefault orientation.\n\n```go\nfunc (f *lilliput.Framebuffer) ResizeTo(width, height int, dst *lilliput.Framebuffer) error\n```\nPerform a resize into `dst` of `f` according to given dimensions. This function does not\npreserve the source's aspect ratio if the new dimensions have a different ratio. The\nresize can fail if the destination is not large enough to hold the new image.\n\n```go\nfunc (f *lilliput.Framebuffer) Fit(width, height int, dst *lilliput.Framebuffer) error\n```\nPerform a cropping resize into `dst` of `f` according to given dimensions. This function\ndoes preserve the source's aspect ratio. The image will be cropped along one axis if\nthe new dimensions have a different ratio than the source. The cropping will occur equally\non the edges, e.g. if the source image is too tall for the new ratio, then the destination will\nhave rows of pixels from the top and bottom removed. Returns error if the destination is\nnot large enough to contain the resized image.\n\n```go\nfunc (f *lilliput.Framebuffer) Close()\n```\nCloses the framebuffer and releases resources. The `Framebuffer` object must have `.Close()` called when it is no longer in use.\n\n### Encoder\nThe Encoder takes a Framebuffer and writes the pixels into a compressed format.\n\n```go\nfunc lilliput.NewEncoder(extension string, decodedBy lilliput.Decoder, dst []byte) (lilliput.Encoder, error)\n```\nCreate a new Encoder object that writes to `dst`. `extension` should be a file extension-like string,\ne.g. `\".jpeg\"` or `\".png\"`. `decodedBy` should be the `Decoder` used to decompress the image, if any.\n`decodedBy` may be left as `nil` in most cases but is required when creating a `.gif` encoder. That is,\n`.gif` outputs can only be created from source GIFs.\n\n```go\nfunc (e lilliput.Encoder) Encode(buffer lilliput.Framebuffer, opts map[int]int) ([]byte, error)\n```\nEncodes the Framebuffer supplied into the output `dst` given when the `Encoder` was created. The\nreturned []byte will point to the same buffer as `dst` but can be a shorter slice, so that if `dst`\nhas 50MB of capacity but the image only occupies 30KB, you can tell where the image data ends. This\nfunction returns an error if the encoding process fails.\n\n`opts` is optional and may be left `nil`. It is used to control encoder behavior\ne.g. `map[int]int{lilliput.JpegQuality: 80}` to set JPEG outputquality to `80`.\n\nValid keys/values for `opts` are\n\n* `JpegQuality` (1 - 100)\n* `PngCompression` (0 - 9)\n* `WebpQuality` (0 - 100).\n* `AvifQuality` (0 - 100)\n\n```go\nfunc (e lilliput.Encoder) Close()\n```\nClose the Encoder and release resources. The `Encoder` object must have `.Close()` called when it is no longer in use.\n\n## Building Dependencies\n\nGo does not provide any mechanism for arbitrary building of dependencies, e.g. invoking\n`make` or `cmake`. In order to make lilliput usable as a standard Go package, prebuilt\nstatic libraries have been provided for all of lilliput's dependencies on Linux and\nOSX. In order to automate this process, lilliput ships with build scripts alongside\ncompressed archives of the sources of its dependencies. These build scripts are provided\nfor [OSX](deps/build-deps-osx.sh) and [Linux](deps/build-deps-linux.sh).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdiscord%2Flilliput","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdiscord%2Flilliput","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdiscord%2Flilliput/lists"}